Bug 272431 - Words crashes on undoing change list operation (deleting list marker)
Summary: Words crashes on undoing change list operation (deleting list marker)
Status: RESOLVED FIXED
Alias: None
Product: calligrawords
Classification: Applications
Component: general (show other bugs)
Version: Git
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: ---
Assignee: Calligra Words Bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-05-04 11:46 UTC by Elvis Stansvik
Modified: 2011-05-06 23:30 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
The backtrace from the crash. (4.44 KB, text/plain)
2011-05-04 11:47 UTC, Elvis Stansvik
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Elvis Stansvik 2011-05-04 11:46:29 UTC
Version:           svn (using KDE 4.6.2) 
OS:                Linux

After applying a list style, then deleting the entire line using Backspace, then pressing "Undo", Words will crash.

Reproducible: Always

Steps to Reproduce:
1) Start Words with a blank document.
2) Apply a list style such as bullet list to the empty line.
3) Press Backspace two times.
4) Press "Undo Change List" in toolbar.
5) Crash. See attached backtrace.

Actual Results:  
Crash. See attached backtrace.

Expected Results:  
Not crash.

Running Git master, rev d64665c433994998b51ba890a0dcffcbb50f4d67.
Comment 1 Elvis Stansvik 2011-05-04 11:47:01 UTC
Created attachment 59610 [details]
The backtrace from the crash.
Comment 2 Sebastian Sauer 2011-05-04 19:53:32 UTC
I wasn't able to reproduce the crash using the steps but after I did undo and pressed redo I got;

[KCrash Handler]
#6  0xafbe0091 in QHash<int, KoList*>::value (this=0x8643de4, akey=@0xbfe331c4) at /usr/include/QtCore/qhash.h:607
#7  0xafbde8cd in ChangeListCommand::redo (this=0x8643dc0) at /home/kdab/src/kde/calligra/plugins/textshape/commands/ChangeListCommand.cpp:224
#8  0xb64d93e8 in QUndoStack::redo() () from /usr/lib/libQtGui.so.4
#9  0xb64ff1a0 in QUndoStack::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libQtGui.so.4
#10 0xb683df93 in KUndoStack::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkdeui.so.5
#11 0xb57e28cd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#12 0xb57f2a2c in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#13 0xb5dca2bd in QAction::triggered(bool) () from /usr/lib/libQtGui.so.4
#14 0xb5dca55b in QAction::activate(QAction::ActionEvent) () from /usr/lib/libQtGui.so.4
#15 0xb627cfe5 in ?? () from /usr/lib/libQtGui.so.4
#16 0xb6283c07 in ?? () from /usr/lib/libQtGui.so.4
#17 0xb6284ad5 in QMenu::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/libQtGui.so.4
#18 0xb684655c in KMenu::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/libkdeui.so.5
#19 0xb5e2c5b0 in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4

So, there is something very fishy with the way the ChangeListCommand works.
Comment 3 Sebastian Sauer 2011-05-04 20:13:12 UTC
The reason for the crash named in comment #2 is that at ChangeListCommand.cpp:223+224 we do;

m_list.value(i)->updateStoredList(m_blocks.at(i));
KoListStyle *listStyle = m_list.value(i)->style();

The call to KoList::updateStoredList does;

textList->setFormat(format);

what changes the QTextBlock and seems to invalidate the KoList (maybe even the QTextBlock's?) what then results in a crash the next line.
Comment 4 Gopalakrishna Bhat 2011-05-06 05:07:34 UTC
A patch is poste for review here
https://git.reviewboard.kde.org/r/101301/
Comment 5 Sebastian Sauer 2011-05-06 17:28:08 UTC
Fantastic. Lot of thanks! So, can we close the report now?
Comment 6 Elvis Stansvik 2011-05-06 19:12:22 UTC
I just updated and I still get the crash, even with Gopal's fix. This is how I provoke the crash:

http://dl.dropbox.com/u/22350696/list-undo-crash.ogv

So you really can't reproduce?
Comment 7 Camilla Boemann 2011-05-06 23:30:27 UTC
was a problem loading old kwd template

kwd support is now removed, hence bug closed